How CIOs Can Prepare for Healthcare ‘Data Tsunami’

Research firm IDC predicts an exponential increase in healthcare data, including data from new sources outside the control of IT. In response, CIOs need to prioritize compliance in governance policies and get a handle on 'shadow IT.'

To paint a picture, the authors of the report suggest storing all of that data on a stack of tablet computers. By the 2013 tally, that stack would reach nearly 5,500 miles high. Seven years later, that tower would grow to more than 82,000 miles high, bringing you more than a third of the way to the moon.

So how then to cope with what Lynne Dunbrack, research vice president with IDC Health Insights, calls a "data tsunami"?

"Identify who owns the data and build consensus on data definitions," Dunbrack says in an email. "Understanding what the data means is key to making data governance and interoperability work, and is essential for analytics, big data initiatives and quality reporting initiatives, among other things."

To be sure, ironing out data governance policies within a healthcare organization is anything but a black-and-white process. Complicating matters significantly are the diverse and growing sources of medical data, each raising distinctive ownership and compliance questions.

EHR Systems Mature, Cloud Adoption Growing in Healthcare

Electronic health record (EHR) systems, already in use at a large majority of hospitals, account for a great deal of the data production IDC is tracking. But a whole galaxy of other health applications, along with an increasing volume of data-intensive medical images, is also adding to the pile. As are user-generated data sources, such as personal fitness apps embedded in wearable devices.

IDC notes an 80 percent penetration for EHRs today, projecting that figure to vault to 95 percent in 2020. What's more, in a sign that the technology is maturing, IDC estimates that second-generation technology will account for half of the EHRs in use by the end of the decade.

According to Dunbrack, 58 percent of care providers are either "dissatisfied or neutral" about their current EHR system, and 22 percent have already upgraded to a second-generation technology.

She notes that the cloud is winning greater adoption in the healthcare field as CIOs look to roll out certified EHRs that satisfy meaningful use standards and other compliance concerns, while it also provides a level of agility and flexibility unavailable through more static systems.

"Cloud also allows them to 'pay as they go/grow,' which is attractive to smaller healthcare organizations with limited financial and technical resources," she says. "Providers are moving away from monolithic EHRs to more platforms with more nimble APIs that enable greater interoperability with other clinical systems."

But with every upgrade and feature enhancement come more data, which can create challenges around finding the "needle in the haystack," the report notes.

Healthcare Organizations Need to Invest in Big Data Analytics

To that end, Dunbrack recommends that healthcare organizations prioritize investments in big data and analytics technologies, especially predictive analytics, to help distinguish the "signal from the noise, enabling healthcare organization to focus on those patients who would benefit from clinical interventions while still monitoring those that [are] relatively healthy."

CIOs Need to Control Shadow IT, Beware Cyberattacks

Then, too, there is the proliferation of systems beyond the hospital CIO's control, what IDC terms "shadow IT," which could include systems purchased outside the normal IT channels, the tablets and smartphones used by community physicians, and patient-generated data.

"The consumerization of technology and the shift to cloud-based healthcare IT solutions is making it easier for line of business buyers to acquire cloud-based solutions without involving IT," Dunbrack says.

"Healthcare CIOs do need to gain control over these shadow IT initiatives to ensure they do not introduce compliance and security risks, and they do not create additional data siloes because they have not been properly integrated with other healthcare systems," she adds, arguing that "there needs to be a closer alignment between IT and the lines of business."

The security and compliance concerns, already acute in an arena with highly sensitive data such as healthcare, are only exacerbated by the proliferation of data in uncontrolled environments. According to IDC's report, 93 percent of all health data needs strong security protections, but that only 57 percent is satisfactorily protected today, while the remainder is at an unacceptably high risk.

IDC points to the fallout that can come from a breach of a healthcare provider, including financial penalties, remediation costs and the loss of patients' trust.

And Dunbrack warns that it's no idle threat, noting that healthcare groups are becoming a more popular target for increasingly sophisticated hackers.

"Keep in mind that healthcare organizations are increasingly more vulnerable to cyberattacks," Dunbrack says. "It's a matter of when, not if, healthcare organizations will be attacked, and cyberattacks are becoming more sophisticated as cybercriminals shift their focus from retail and financial services to softer targets like healthcare."